Liquibase Secure 5.0.2 release notes

Liquibase Secure 5.0.2 is a maintenance release focused on dependency updates. This does not affect Liquibase Community at all.

What's Included

IMPORTANT: This release only contains an update to an MSSQL driver to address CVE-2025-59250.

Changelog

[DAT-21214] Bump MSSQL driver versions to address CVE-2025-59250

PR 2976 by @abrackx

CVEs and impacted libraries

CVE ID: CVE-2025-59250

Security Score: CVSS 8.1 High

Library and Impact Assessment:

- Status: Potentially applicable if using Microsoft SQL Server JDBC driver
- Customer Impact: Requires attacker to control/intercept network traffic between Liquibase and SQL Server
- Remediation: If using SQL Server, update to Liquibase 5.0.2
- Attack Vector: Network-based spoofing attack that could allow an attacker to intercept SQL credentials through certificate manipulation
- Conditions Required: Attacker must trick a user into connecting to a malicious server (via DNS poisoning or phishing)